You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Next »
Overview
The Islandora XACML Editor provides a graphical user interface to edit XACML policies for objects in a repository or collection. It adds a new section in the Manage tab for each object and collection called Object Policy where permissions can be granted to Drupal users or roles for the following:
Dependencies
Drupal.org modules:
Installation
Install as usual, see this for further information.
Usage
Using the Object Policy tab to manage access restrictions with XACML
Configuration
Fedora Configuration
It may be desirable--and in fact necessary for some modules--to disable/remove ene of the default XACML policies which denies any interactions with the POLICY datastream to users without the "administrator" role.
This policy is located here: $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/deny-policy-management-if-not-administrator.xml
Solr Searching Hook
In order to comply with XACML restrictions placed on objects, a hook is used to filter results that do not conform to a searching user's roles and name. This hook will not function correctly if the Solr fields for ViewableByUser
and ViewableByRole
are not defined correctly as they are set in the XSLT. These values can be set through the admin page for the module.
Module Configuration
Configuration options for the Islandora XACML Editor and Islandora XACML API are available at admin/islandora/tools/xacml
- Islandora XACML API - Define which fields in the RELS-EXT hold access restriction information so they can be indexed by Solr
- Islandora XACML Editor - Configure default settings and options in the XACML editor for collections and objects
Notes
- When an object is added to a collection through the interface, the collection's POLICY will be automatically applied to the new object.
- Editing XACML policies outside of Islandora and adding them through the interface or directly to Fedora objects may result in POLICY datastreams that can't be used by Islandora. Use the XACML editor in the interface to make changes to XACML policies whenever possible.